Social engineering is the psychological manipulation of targeted individuals into performing actions or providing confidential information. Attackers target users and other individuals within an organization to access sensitive information that should not be shared publicly.
Social engineering is not limited to its best-known form, email-based phishing. It is always evolving and encompasses any psychological manipulation of individuals that leads to the attacker's goal.
Examples of social engineering are:
Attackers call targets and try to manipulate them via a phone conversation. These attackers tend to have a high success rate, as the targets have little time to think because it's a live conversation.
SMS messages are used to manipulate targets into taking actions against their best interest. Attackers can impersonate companies and try to steal credentials, money, sensitive information, etc.
Attackers will try to gain physical access to the building to achieve their goal. Attackers use a variety of techniques to get employees to act against their best interest. This can range from dressing as a delivery person or impersonating a new employee to testing both the employees and the location's physical security safeguards.
Email-based phishing can range from mass emails sent to employees to highly targeted phishing emails, custom-made for a specific individual (spear phishing). Attackers have all the time they need to research the targeted company and its employees, and they can use this research to increase the likelihood that the targets will fall for their phishing emails.
We make your security project stress-free, so that you stay in full control.
After scoping is defined and parameters set, our consultants start with general reconnaissance and attack surface mapping.
After conducting our initial research, our consultants establish the best plan of attack for example
This is different for each social engineering engagement, as our consultants decide on the best approach to target the organization within the scope and rules set by the client. However, to list some examples of preparation:
In this phase our consultants launch the attack on the targeted company. This could range from: